Setuppopcon .exe Stealer Redline Analysis

Stealer Redline
Updated on 2024-03-31 (12 days ago)
Checked by Online Virus Scanner
Online Virus Checkerv.
DB Version:2024-03-31 20:00:28!heur

RedLine Stealer is a malicious program designed to exfiltrate users’ confidential data from browsers, systems, and installed software. It is often delivered through email attachments or compromised websites. RedLine not only steals sensitive information but also poses a significant threat by introducing other malware into the victim's operating system. This two-pronged attack approach makes RedLine a potent and dangerous cyber threat.

Filesetuppopcon .exe
Checked2024-03-31 20:55:59
File Size26944496 bytes!heur Removal!heur Removal

Gridinsoft has the capability to identify and eliminate!heur without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

File Version Information

CompanyNameMicrosoft Corporation
FileDescriptionWin32 Cabinet Self-Extractor
FileVersion11.00.22621.1 (WinBuild.160101.0800)
LegalCopyright© Microsoft Corporation. All rights reserved.
OriginalFilenameWEXTRACT.EXE .MUI
ProductNameInternet Explorer
Translation0x0409 0x04b0
CompanyNameMicrosoft Corporation
FileDescriptionWin32 Cabinet Self-Extractor
FileVersion11.00.22621.1554 (WinBuild.160101.0800)
LegalCopyright© Microsoft Corporation. All rights reserved.
OriginalFilenameWEXTRACT.EXE .MUI
ProductNameInternet Explorer
Translation0x0809 0x04b0

Portable Executable Info

Image Base:0x00400000
Entry Point:0x00406d50
Compilation:2059-08-08 23:27:35
Checksum:0x019bbdaa (Actual: 0x019bbdaa)
OS Version:10.0
PDB Path:wextract.pdb
PEiD:PE32 executable (GUI) Intel 80386, for MS Windows
Sign:Chain verification from C=IE, [email protected], OU=Group Management, O=Know Your Customer Limited, CN=Claus Christensen (serial:-365698119444313454430775, sha1:504c13d2d98adecfc41cc61dc7dc9c4ce5f23091) failed: The X.509 certificate provided is self-signed - "Common Name: Claus Christensen, Organization: Know Your Customer Limited, Organizational Unit: Group Management, Email Address: [email protected], Country: IE"
Imports: ADVAPI32, KERNEL32, GDI32, USER32, msvcrt, COMCTL32, Cabinet, VERSION,
Exports: 0


Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00001000 0x0000669c 0x00006800 8efccde25b9e492cde40b5ef253cf7a7 6.27
.data 0x00008000 0x00001aa0 0x00000200 7b9890a93c0516bb070e1170cfde54d5 4.97
.idata 0x0000a000 0x00001056 0x00001200 8fa33e292b5a9d9dcf9cf67d5c955b3d 5.04
.rsrc 0x0000c000 0x019a8000 0x019a7c00 ba95cdebc2f40ca51ada3794eaf184e2 8.00
.reloc 0x019b4000 0x00000888 0x00000a00 0e9fae0fc18f3412188d18fc97b6fc55 6.27

Leave a comment*

Share your thoughts or insights about this file. Do you align with our conclusion?

*Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Please Wait...

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware